phpMyAdmin ($_REQUEST) SQL Injection Vulnerability - Security - World


Editor Login \| Register		Ekle

Root > World > Security

phpMyAdmin ($_REQUEST) SQL Injection Vulnerability - Security - World - Root

Security Experts

(Date : 03.03.2008 11:11:49)

phpMyAdmin ($_REQUEST) SQL Injection Vulnerability

Description

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct SQL injection attacks.

The vulnerability is caused due to the application obtaining parameters via the "$_REQUEST" variable, and using them without proper sanitation in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code via a malicious cookie.

Successful exploitation requires that a phpMyAdmin user is tricked into visiting a malicious website.

The vulnerability is reported in versions prior to 2.11.5.

Solution
Update to version 2.11.5

the-r00t | Security Experts TIM

Derecelendir

Kaynak

http://secunia.com/advisories/29200/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS